Auskunft zu diesem Dagstuhl-Seminar erteilt

Dokumente

Summary

From July 13--16, 2014, more than 30 researchers from the domain of critical infrastructure security met at Schloss Dagstuhl to discuss the current state of security in industrial control systems.

Recent years have highlighted the fact that security precautions of information and communication technology (ICT) in many critical infrastructures are clearly insufficient, especially if considering targeted attacks carried out by resourceful and motivated individuals or organizations. This is especially true for many industrial control systems (ICS) that control vital processes in many areas of industry that are relying to an ever-larger extent on ICT for monitoring and control in a semi or fully automated way. Causing ICT systems in industrial control systems to malfunction can cause huge economic damages or even endanger human lives. The Stuxnet malware that actually damaged around 1000 Uranium enrichment centrifuges in the Iranian enrichment facility in Natanz is the most well-known reported example of an ICT attack impacting ICS.

This situation led to increased efforts in research which also resulted in a number of Dagstuhl seminars related to this topic of which this seminar is a follow-up event, namely two Dagstuhl seminars on "Network Attack Detection and Defense" in 2008 and 2012 and one on "Securing Critical Infrastructures from Targeted Attacks" held in 2012. The main objective of our this latest seminar was to discuss new approaches and ideas on how to detect attacks on industrial control systems and how to limit the impact on the physical components. This is closely coupled to the question of whether and how reactive security mechanisms like Intrusion Detection Systems (IDS) can be made more ICS- and process-aware. To some extent it seems possible to adopt existing security approaches from other areas (e.g., conventional networks, embedded systems, or sensor networks) and one of the questions is whether adopting these approaches is enough to reach the desired security level in the specific domain of industrial control systems, or if approaches specifically tailored for ICS or even single installations provide additional benefits.

The seminar brought together junior and senior experts from both industry and academia, covering different scenarios including electrical grids, but also many other control systems like chemical plants and dike or train control systems. Apart from the detection and prevention of attacks by both security and safety mechanisms, there was an extensive discussion on whether or not such systems should be coupled more strongly from a security perspective. It was also argued that there exists a very diverse space of application domains, many of which have not yet been subject to much study by security researchers, for various reasons. Many of these discussions were triggered by plenary or short talks, covering topics from the state of the art in ICS security, forensics in ICS, security assessments, and the new application domain of flood management.

Apart from talks and subsequent discussions, a number of working groups were organized during the seminar, intended to address specific issues in the field. In total, there were four working groups, each of which provided a summary of their results included in this report. The first was on forensics, discussing how attacks can be detected and analyzed after the fact. A second working group addressed the issue of security and risk management, analyzing why existing IT security approaches do not work for ICS and discussing potential improvements. Industry 4.0 and the wide range of new and non-classical ICS use cases was the topic of a third working group, which discussed the new security challenges arising from these emerging research topics. Finally, there was a working group on the detection of cyber-physical attacks; a core question here were advantages and disadvantages of process-aware intrusion detection mechanisms. The group also discussed the interaction between intrusion detection, intrusion response, and security management.

Based on the talks, discussions and working groups, the Dagstuhl seminar was closed with a final plenary discussion which summarized again the results from the working groups and led to a compilation of a list of open issues that participants consider necessary to be addressed. Those issues partly overlap with the list of open issues identified in the seminar proposal but also uncovered many new challenges that may become highly relevant research topics and may lead to a new agenda for future research. Those issues are discussed at the end of this report.